diff options
author | Tobias Nießen <tniessen@tnie.de> | 2018-04-15 02:58:25 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2018-06-01 09:52:27 +0200 |
commit | faf449ca0490f5371dc6cbbc94a87eb697b00fcc (patch) | |
tree | 196300f9cf398f76c3cc6cd02db2638d10f55b77 /deps/v8/third_party/jinja2/Jinja2-2.8.tar.gz.md5 | |
parent | cb3d049badb772fc1ea7051540d50c89f73e36dd (diff) | |
download | android-node-v8-faf449ca0490f5371dc6cbbc94a87eb697b00fcc.tar.gz android-node-v8-faf449ca0490f5371dc6cbbc94a87eb697b00fcc.tar.bz2 android-node-v8-faf449ca0490f5371dc6cbbc94a87eb697b00fcc.zip |
crypto: throw in setAuthTag on invalid length
The current implementation performs limited checks only and silently
ignores superfluous bytes of the authentication tag. This change makes
setAuthTag throw when
- the user-specified authTagLength does not match the actual tag length,
especially when the authentication tag is longer than 16 bytes, and
when
- the mode is GCM, no authTagLength option has been specified and the
tag length is not a valid GCM tag length.
This change makes the conditional assignment in SetAuthTag unnecessary,
which is replaced with a CHECK.
Refs: https://github.com/nodejs/node/pull/17825
PR-URL: https://github.com/nodejs/node/pull/20040
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Yihong Wang <yh.wang@ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'deps/v8/third_party/jinja2/Jinja2-2.8.tar.gz.md5')
0 files changed, 0 insertions, 0 deletions